Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

packagist Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1tNThxLXFxNWgtbWdxcc4AAtkP
Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
Ecosystems: packagist
Packages: islandora/islandora
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zY3c1LTdjeHctdjVxZ84AAxTp
Dompdf vulnerable to URI validation failure on SVG parsing
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00dzhyLTN4cnctdjI1Z84AA12q
Craft CMS Remote Code Execution vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxanEtNjl3Ni1mZzU3
XSS vulnerability with translator
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS05N20zLTUyd3IteHZ2Ms4AA5dJ
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1qcDRnLXI4YzktMzUzNM4AAQ5D
Moodle Blind SSRF Risk in /badges/mybackpack.php
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wMzc5LWN4cWgtcTgyMs4AAy9f
SQL filter bypass leading to arbitrary write requests using "SQL Manager"
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01NmdqLW12aDYtcnA3Nc4AAxd4
URI validation failure on SVG parsing. Bypass of CVE-2023-23924
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02NzR2LTNnMnctODRneM02ZA
Sandbox bypass in fenom
Ecosystems: packagist
Packages: fenom/fenom
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01cndtLTJ4dzgtaGg5cM4AA5X7
Deserialization of Untrusted Data in Torrentpier
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS14Y3EzLTdwZjMtNWp2Y84AA1Ei
Cockpit PHP Remote File Inclusion vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1nY2NxLWgzeGotamd2Zs4AA5N1
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Ecosystems: packagist
Packages: pixelfed/pixelfed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00amNoLThxcTUtaHFnNs4AA3CO
Froxlor Improper Input Validation vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1ndzM3LXZtdnctZjgzM84AAbnK
Dolibarr SQL Injection in doli/theme/eldy/style.css.php via the lang parameter
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xbThtLTc2MjYtNzYyaM4AAZKA
Dolibarr SQL injection vulnerability in admin/menus/edit.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qamdxLWpxOGctMjR3NM4AAZKC
Dolibarr SQL injection vulnerability in don/list.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03dzNjLWpnaDctY3dqd84AAnt_
qcubed PHP object injection
Ecosystems: packagist
Packages: qcubed/qcubed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14Mzd2LTk4ZjktbWozMs4AAg5V
phpMyAdmin SQL injection in Designer feature
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01N3dqLTIydzktd205cs4AAWrX
Dolibarr SQL injection vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05djdtLWYzY3YtNjhyd84AAXmF
Dolibarr SQL injection vulnerability in comm/multiprix.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nNW1xLXY5aGYtOTU4aM4AAWVF
Dolibarr SQL injection vulnerability in product/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xYzg2LXZnZjItNmZxNs4AAx9M
Moodle SQL Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12OXA5LTUzNXctNDI4Nc0shg
Prototype Pollution in litespeed.js and appwrite/server-ce
Ecosystems: packagist, npm
Packages: appwrite/server-ce, litespeed.js
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14eDc3LXc2cDUteHZtas4AAn1j
ShopXO RCE Vulnerability
Ecosystems: packagist
Packages: shopxo/shopxo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cmMtcngyNS04bTg2
Improper Input Validation in Symfony
Ecosystems: packagist
Packages: symfony/var-exporter, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS03ZmY0LWN2NTMtNGNqcc4AAmL9
phpMyAdmin SQL injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1mNzMyLWZ4aDYtZzRxas4AAUU4
phpMyAdmin SQL injection in Designer feature
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oMzRxLTg3OHctdzk2cs4AAUCK
Dolibarr SQL injection via the integer parameters qty and value_unit
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02amhtLTR2bXgtbXI3Ns0mbA
SQL injection in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12NDN2LXB2OTUtamM1Nc4AAx-F
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qanFxLW05OTgtNTNqZs4AAWga
Dolibarr SQL injection vulnerability in product/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qN2c4LTNxcWctOGN2bc4AAUrm
ThinkPHP SQLi Vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tOGp4LW14ZjktMnJwd84AApWC
NukeViet SQL Injection vulnerability
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tNXJnLWc2ZjktOHdwd84AAWhZ
Dolibarr SQL injection vulnerability in product/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03Nzg5LXY3NjctMzdyNc4AAXl_
Dolibarr SQL injection vulnerability in adherents/subscription/info.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnOGotOHc1Mi03MzV2
Missing warning can lead to unauthenticated admin access in SilverStripe
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA
Directory Traversal in typo3/phar-stream-wrapper
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0yaHZoLWM1YzItdmo4Nc4AAdEL
Zend Framework SQL injection vector using null byte for PDO
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tcXc5LTNjam0teHdwM84AAvIw
Moodle Minor SQL injection risk in admin user browsing
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yeG1tLWc0ODItNDQzOc0y7A
DQL injection through sorting parameters blocked
Ecosystems: packagist
Packages: sylius/grid-bundle
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mZmY5LW02ZjYtcTNtaM3zGA
Dolibarr SQL Injection vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jOTVmLTI3Z3gtNnZxOc4AATWn
phpWhois arbitrary code execution via a crafted whois record
Ecosystems: packagist
Packages: truckersmp/phpwhois, simple-updates/phpwhois, serluck/phpwhois, kazist/phpwhois, ivankristianto/phpwhois, david-garcia/phpwhois, brightlocal/phpwhois, phpwhois/phpwhois, jsmitty12/phpwhois
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xNXJnLXdnN2gtNzNtNc4AAh_b
LibreNMS Information Disclosure
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14d3Y2LXY3cXgtZjVqY80tiQ
Code injection in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02d2hmLXE2cDUtODR3Z80WBw
Improper Access Control in Webauthn Framework
Ecosystems: packagist
Packages: web-auth/webauthn-framework
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0yNHEyLTZ4MzctY2djeM4AAWU9
Dolibarr SQL injection vulnerability in product/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13eHFwLWp3YzktZzM5eM4AAoYB
Drupal Core Access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05OHZjLTk4cTctNTdxZs4AAbnU
Dolibarr ERP and CRM Insecure Encryption
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05YzI0LWczMmctMzVyas4AAWPD
Drupal PECL YAML parser unsafe object handling
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yaDNtLXByMzYteGgyZs4AAwzQ
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: kelvinmo/simplexrd
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1oaGcyLWc2aDYtYzI2Ns4AAid-
Yii SQL injection vulnerability
Ecosystems: packagist
Packages: yiisoft/yii2-dev
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yZ2czLTN3aDctdzkzNc0ypw
Unrestricted Upload of File with Dangerous Type in Zenario CMS
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05MnJ2LTRqMmgtOG1qas4AA1xE
Snappy PHAR deserialization vulnerability
Ecosystems: packagist
Packages: knplabs/knp-snappy
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 8 months ago
Critical
GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A
Arbitrary PHP code execution in Drupal
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zZnB2LTU0ZmYtd3Fmas3jyQ
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12eHI5LXAyeHctbThjZs4AAqpz
Dolibarr remote PHP code execution
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nNDM0LTNxMmotaGo0cs4AAWhd
CodeIgniter Session Fixation Vulnerability
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14MncyLXFndjYtOHhybc39cw
Elefant CMS PHP Code Execution Vulnerability
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyeGctNndjai02eGY5
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.
Ecosystems: packagist
Packages: vanilla/safecurl
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nOTJyLTlyeHctY21neM4AAw_S
phpMyFAQ Improper Authentication vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01ODY4LWc1OGotdnJqNc4AASLm
phpMyAdmin Improper Privilege Management
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpnamMtMzMyYy04Y21j
SQL injection in phpMyAdmin
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS04Zmo2LXBjNXItMzQ3cc4AAnuE
qcubed SQL injection vulnerability in profile.php via the strQuery parameter
Ecosystems: packagist
Packages: qcubed/qcubed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13MnhmLTRnZzktODd3cs4AATSo
Centreon allows SNMP trap SQL Injection
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oNGNjLWZ4cHAtcGd3Oc4AAyQh
baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0zMmdyLXg3NmctMjY3d84AAxhv
SQL injection in webbuilders-group silverstripe-kapost-bridge
Ecosystems: packagist
Packages: webbuilders-group/silverstripe-kapost-bridge
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1xaDl3LXI3ZzUtcTkzOc4AA7QZ
Zend Framework SQL injection vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zend-db, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: 11 days ago
Critical
GSA_kwCzR0hTQS14cDJmLTlteDMtM2M2cM4AAtoC
Moodle PostScript Code Injection
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnZ3ctaDhwcC1yOTVy
October CMS Session ID not invalidated after logout
Ecosystems: packagist
Packages: october/rain
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS14OTNqLTNoaDMtNngyM84AAv9W
Insufficient Session Expiration in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yaG1tLXEyNzIteG1oZs4AAvIu
Moodle remote code execution
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mNHF4LWpxZnEtNzc4Nc4AASZQ
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1taDlqLXY2bXEtcGZjaM0ZMQ
Path manipulation in matyhtf/framework
Ecosystems: packagist
Packages: matyhtf/framework
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02dnA1LXZ2OXAtN3E2Ms4AAxkU
Command Injection in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03Zmg5LTkzM2ctODg1cM4AAUGf
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zZmhqLXdwdmoteDV3OM4AAwaM
laravel-jqgrid vulnerable to SQL Injection
Ecosystems: packagist
Packages: mgallegos/laravel-jqgrid
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01aHc0LW03ZjMtaGh4OM4AAvLl
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Ecosystems: packagist
Packages: spoonity/tcpdf, la-haute-societe/tcpdf, fooman/tcpdf, tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00Mjg2LWg0N2gtbTV2Ns0WtA
Showdoc File Upload Vulnerability
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwMm0tN2NmcC1oNmdm
Incorrect persistent NameID generation in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1wcmNnLW1jMjMtaGdqaM4AAxNE
phpmyadmin contains SQL Injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14aHEzLTQ1NXIteHY0NM4AAayr
Moodle SQL injection via user preferences
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yOTgtZmg1Yy1qYzY2
Object injection in PHPMailer/PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1nMzg5LXJmNXAtZmc1Ns4AAwCr
Badaso vulnerable to Remote Code Execution (RCE)
Ecosystems: packagist
Packages: badaso/core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yOW13LWd3eDktdjNoNc4AAVU6
zend-mail remote code execution via Sendmail adapter
Ecosystems: packagist
Packages: zendframework/zend-mail
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xMmZwLWp3ODctODZweM4AAz-_
laravel-s vulnerable to Local File Inclusion
Ecosystems: packagist
Packages: hhxsv5/laravel-s
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1xcnZqLTI3NGgtaGZjZ80ZRw
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12NTlwLXA2OTItdjM4Ms4AAig9
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zend-db, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0ycGNqLTc2aGoteHFobc4AAb2x
CodeIgniter arbitrary code execution
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ncTZ3LXE2d2gtamdnY84AAyLG
PHAR deserialization allowing remote code execution
Ecosystems: packagist
Packages: knplabs/knp-snappy
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0yeDNyLTdqZ20tZ2g4eM4AAy--
Remote code execution in Voyager
Ecosystems: packagist
Packages: tcg/voyager
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wZ3BoLW1jNHAtZjhjM84AAi34
phpMyAdmin unsanitized Git information
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNxNXgtN214cC1ycDZq
Remote code execution via vulnerable Symphony dependecy injection
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1tNXY3LXByMzItbWp4Ms0Wbw
Critical severity vulnerability in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xampqLTdnN2gtNTR2M84AAu09
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jajJmLTk2anEtcGhwcM4AAV-a
Shopware RCE Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yN2M5LWM2OW0tcnBoOM02Aw
Code Injection in PHPUnit
Ecosystems: packagist
Packages: phpunit/phpunit
Source: GitHub Advisory Database
Blast Radius: 57.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mOGZ2LWY3ODYtOTkzM80skg
Magento improper input validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02cGoyLTVmcXEteHZqY80c2g
Incorrect Authorization in latte/latte
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wOWhwLTNncHYtNTJ3M84AAVUb
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zendframework1, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 2 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 607
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
moodle/moodle 323 magento/community-edition 182 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/drupal 61 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 shopware/platform 48 baserproject/basercms 43 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 nilsteampassnet/teampass 37 froxlor/froxlor 36 shopware/core 36 silverstripe/framework 32 snipe/snipe-it 32 mautic/core 29 getgrav/grav 28 shopware/shopware 27 centreon/centreon 27 magento/core 24 prestashop/prestashop 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 contao/core-bundle 21 forkcms/forkcms 18 tribalsystems/zenario 18 contao/contao 18 cakephp/cakephp 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 francoisjacquet/rosariosis 17 symfony/security 17 topthink/framework 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 15 symfony/security-http 14 typo3/cms-backend 14 phpmailer/phpmailer 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 smarty/smarty 14 ezsystems/ezpublish-kernel 14 elefant/cms 13 codeigniter4/framework 13 lavalite/cms 13 impresscms/impresscms 13 bolt/bolt 13 october/system 13 phpmyfaq/phpmyfaq 12 dompdf/dompdf 12 phpbb/phpbb 12 studio-42/elfinder 12 zendframework/zendframework 11 feehi/cms 11 feehi/feehicms 11 silverstripe/cms 11 wallabag/wallabag 10 ezsystems/ezplatform-kernel 10 admidio/admidio 10 opencart/opencart 10 wwbn/avideo 10 sylius/sylius 10 laravel/framework 10 pagekit/pagekit 10 nukeviet/nukeviet 10 pimcore/admin-ui-classic-bundle 10 tinymce/tinymce 9 TinyMCE 9 ssddanbrown/bookstack 9 tinymce 9 funadmin/funadmin 9 kevinpapst/kimai2 9 concrete5/core 9 october/october 9 alextselegidis/easyappointments 9 croogo/croogo 8 facturascripts/facturascripts 8 gilacms/gila 8 pimcore/customer-management-framework-bundle 8 yiisoft/yii2 8 october/cms 8 sulu/sulu 8 codiad/codiad 8 pterodactyl/panel 7 october/backend 7 wpglobus/wpglobus 7 silverstripe/admin 7 statamic/cms 7 symfony/http-foundation 7 flarum/core 7 silverstripe/graphql 7 contao/core 6 zoujingli/thinkadmin 6 directmailteam/direct-mail 6 backdrop/backdrop 6 in2code/femanager 6 nystudio107/craft-seomatic 6 composer/composer 6 yourls/yourls 6 bagisto/bagisto 6 guzzlehttp/guzzle 6 yiisoft/yii2-dev 6 dweeves/magmi 6 symfony/http-kernel 6 phpseclib/phpseclib 5 phpxmlrpc/phpxmlrpc 5 vrana/adminer 5 symfony/security-core 5 oro/platform 5 typo3/cms-install 5 bottelet/flarepoint 5 billz/raspap-webgui 5 thinkcmf/thinkcmf 5 silverstripe/assets 5 simplesamlphp/saml2 5 gleez/cms 5 cachethq/cachet 5 elgg/elgg 5 automad/automad 5 ibexa/core 5 anchorcms/anchor-cms 5 gugoan/economizzer 5 ezsystems/ezplatform-admin-ui 5 pear/archive_tar 5 magento/product-community-edition 4 typo3/html-sanitizer 4 typo3/cms-frontend 4 woocommerce/woocommerce 4 wintercms/winter 4 idno/known 4 bref/bref 4 notrinos/notrinos-erp 4 modx/revolution 4 evolutioncms/evolution 4 bytefury/crater 4 spatie/browsershot 4 oro/commerce 4 wp-premium/gravityforms 4 codeigniter4/shield 4 symfony/security-bundle 4 pyrocms/pyrocms 4 phpservermon/phpservermon 4 shopware/storefront 4 appwrite/server-ce 4 adodb/adodb-php 3 bbpress/bbpress 3 ezsystems/ezpublish-legacy 3 artesaos/seotools 3 joomla/framework 3 zendframework/zendrest 3 zencart/zencart 3 kimai/kimai 3 zendframework/zendservice-audioscrobbler 3 pixelfed/pixelfed 3 buddypress/buddypress 3 codeigniter/framework 3 mantisbt/mantisbt 3 twig/twig 3 tecnickcom/tcpdf 3 zendframework/zendservice-nirvanix 3 apache-solr-for-typo3/solr 3 limesurvey/limesurvey 3 symfony/form 3 zendframework/zendservice-slideshare 3 zendframework/zendservice-technorati 3 zendframework/zendservice-windowsazure 3 zendframework/zendservice-amazon 3 illuminate/database 3 phpoffice/phpspreadsheet 3 qcubed/qcubed 3 typo3/cms-form 3 quickapps/cms 3 prestashop/productcomments 3 verbb/comments 3 icecoder/icecoder 3 sylius/resource-bundle 3 facade/ignition 3 uvdesk/community-skeleton 3 enshrined/svg-sanitize 3 joomla/joomla-cms 3 yiisoft/yii 3 flarum/framework 3 verot/class.upload.php 3 ckeditor4 3 phenx/php-svg-lib 3 processwire/processwire 3 enhavo/enhavo-app 3 froala/wysiwyg-editor 3
Filter by Repository
https://github.com/moodle/moodle 210 https://github.com/pimcore/pimcore 111 https://github.com/microweber/microweber 85 https://github.com/thorsten/phpmyfaq 69 https://github.com/Dolibarr/dolibarr 55 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/centreon/centreon-archived 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/dolibarr/dolibarr 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/top-think/framework 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/tinymce/tinymce 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/funadmin/funadmin 9 https://github.com/LavaLite/cms 9 https://github.com/bolt/bolt 9 https://github.com/laravel/framework 9 https://github.com/kevinpapst/kimai2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/pimcore/customer-data-framework 8 https://github.com/Sylius/Sylius 8 https://github.com/admidio/admidio 8 https://github.com/sulu/sulu 8 https://github.com/francoisjacquet/rosariosis 8 https://github.com/Froxlor/Froxlor 8 https://github.com/GilaCMS/gila 8 https://github.com/wallabag/wallabag 8 https://github.com/d4wner/Vulnerabilities-Report 7 https://github.com/Codiad/Codiad 7 https://github.com/ezsystems/ezplatform-kernel 7 https://github.com/pterodactyl/panel 7 https://github.com/pagekit/pagekit 7 https://github.com/flarum/framework 7 https://github.com/croogo/croogo 7 https://github.com/ImpressCMS/impresscms 6 https://github.com/bookstackapp/bookstack 6 https://github.com/TribalSystems/Zenario 6 https://github.com/statamic/cms 6 https://github.com/guzzle/guzzle 6 https://github.com/wintercms/winter 6 https://gitlab.com/francoisjacquet/rosariosis 6 https://github.com/nystudio107/craft-seomatic 6 https://github.com/oroinc/orocommerce 6 https://github.com/zendframework/zf1 5 https://github.com/composer/composer 5 https://github.com/dub-flow/vulnerability-research 5 https://github.com/RaspAP/raspap-webgui 5 https://github.com/ibexa/core 5 https://github.com/silverstripe/silverstripe-graphql 5 https://github.com/jbroadway/elefant 5 https://github.com/Bottelet/DaybydayCRM 5 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 5 https://github.com/vrana/adminer 5 https://github.com/gggeek/phpxmlrpc 5 https://github.com/phpseclib/phpseclib 5 https://github.com/thinkcmf/thinkcmf 5 https://github.com/pear/Archive_Tar 5 https://github.com/nukeviet/nukeviet 5 https://github.com/gleez/cms 5 https://github.com/phpservermon/phpservermon 4 https://github.com/TYPO3/html-sanitizer 4 https://github.com/zoujingli/ThinkAdmin 4 https://github.com/silverstripe/silverstripe-admin 4 https://github.com/LimeSurvey/LimeSurvey 4 https://github.com/codeigniter4/shield 4 https://github.com/bagisto/bagisto 4 https://github.com/appwrite/appwrite 4 https://github.com/backdrop/backdrop 4 https://github.com/oroinc/platform 4 https://github.com/spatie/browsershot 4 https://github.com/crater-invoice/crater 4 https://github.com/opencart/opencart 4 https://github.com/yourls/yourls 4 https://github.com/fiveai/Cachet 4 https://github.com/ezsystems/ezplatform-admin-ui 4 https://github.com/screetsec/VDD 4 https://github.com/brefphp/bref 4 https://github.com/hieuminhnv/Zenario-CMS-last-version 4 https://github.com/qcubed/qcubed 3 https://github.com/kimai/kimai 3 https://github.com/quickapps/cms 3 https://github.com/elgg/elgg 3 https://github.com/PrestaShop/productcomments 3 https://github.com/oroinc/crm 3 https://github.com/modxcms/revolution 3 https://github.com/facade/ignition 3 https://github.com/Rudloff/alltube 3 https://github.com/idno/known 3 https://github.com/pixelfed/pixelfed 3 https://github.com/mantisbt/mantisbt 3 https://github.com/notrinos/notrinoserp 3 https://github.com/guzzle/psr7 3 https://github.com/darylldoyle/svg-sanitizer 3 https://github.com/liufee/feehicms 3 https://github.com/dd3x3r/enhavo 3 https://github.com/in2code-de/femanager 3 https://github.com/flarum/core 3 https://github.com/Sylius/SyliusResourceBundle 3 https://github.com/verbb/comments 3 https://github.com/BookStackApp/BookStack 3 https://github.com/zendframework/zendframework 3 https://github.com/uvdesk/community-skeleton 3 https://github.com/ADOdb/ADOdb 3 https://github.com/Athlon1600/php-proxy-app 3 https://github.com/artesaos/seotools 3 https://github.com/TYPO3-Solr/ext-solr 3 https://github.com/belong2yourself/vulnerabilities 3 https://github.com/twigphp/Twig 3 https://github.com/concrete5/concrete5 3 https://github.com/PHPOffice/PhpSpreadsheet 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/phpmyadmin/composer 2 https://github.com/UniSharp/laravel-filemanager 2 https://github.com/phpbb/phpbb 2 https://github.com/FriendsOfSymfony1/symfony1 2 https://github.com/verbb/image-resizer 2 https://github.com/packbackbooks/lti-1-3-php-library 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/PHPSocialNetwork/phpfastcache 2 https://github.com/TYPO3/Fluid 2 https://github.com/tpwd/ke_search 2 https://github.com/top-think/thinkphp 2 https://github.com/filegator/filegator 2 https://github.com/PrestaShop/blockreassurance 2 https://github.com/ezsystems/ezpublish-legacy 2 https://github.com/ezsystems/ezplatform-rest 2 https://github.com/PrivateBin/PrivateBin 2 https://github.com/thephpleague/commonmark 2 https://github.com/ptrofimov/beanstalk_console 2 https://github.com/bolt/core 2 https://github.com/kitodo/kitodo-presentation 2 https://github.com/KnpLabs/snappy 2 https://github.com/laminas/laminas-diactoros 2 https://github.com/z-song/laravel-admin 2 https://github.com/Admidio/admidio 2 https://github.com/YOURLS/YOURLS 2 https://github.com/akeneo/pim-community-dev 2 https://github.com/icecoder/ICEcoder 2 https://github.com/yiisoft/yii2-authclient 2 https://github.com/yiisoft/yii 2 https://github.com/ibexa/admin-ui 2 https://github.com/alexbsec/CVEs 2 https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version 2 https://github.com/helloxz/imgurl 2 https://github.com/munkireport/munkireport-php 2 https://github.com/mustgundogdu/Research 2 https://github.com/nette/latte 2 https://github.com/wp-graphql/wp-graphql 2 https://github.com/anchorcms/anchor-cms 2 https://github.com/woocommerce/woocommerce 2 https://github.com/gongfuxiang/shopxo 2 https://github.com/nu11secur1ty/CVE-nu11secur1ty 2 https://github.com/apereo/phpCAS 2 https://github.com/api-platform/core 2 https://github.com/orchidsoftware/platform 2